EP2678793B1 - Method for attributing identifiers to objects and discrimination of said objects based on the attributed identifiers - Google Patents


Info

Publication number
EP2678793B1
Authority
EP
European Patent Office
Prior art keywords
objects
signature
sensitive
identifier
identifiers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP12705296.7A
Other languages
German (de)
French (fr)
Other versions
EP2678793A1 (en)
Inventor
Frédéric Rousseau
Céline THUILLET
David Lacour
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Airbus DS SAS
Original Assignee
Airbus DS SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • The invention relates to a system for monitoring a set of objects, characterized in that it implements the method according to the invention in any of its implementations.
  • The proposed method does not prejudge the means used to transmit the identifier to be discriminated: the identifier can be transmitted in one message field or in several.
  • Figure 1, the only figure, is given for guidance only and does not limit the invention; it schematically shows an example of implementation of the method according to the invention.
  • The parameter i is used to number the object in the set of objects 100.
  • The set 100 of objects Oij is divided into a first category 101 of so-called sensitive objects and a second category 102 of so-called common objects.
  • The parameter j is used to distinguish between the sensitive objects, j then taking the value S, and the common objects, j then taking the value C.
  • An identifier is assigned to a plurality 103 of objects included in the set of objects 100.
  • Objects may be left unassigned to either of these categories, either because they have not been spotted by an observer or because they are assigned to a third category.
  • In the invention, a digital identity Idi associated with the object Oij is constructed, the construction operation being different for sensitive objects and for common objects.
  • An operation 200 for constructing the digital identity of an object of the sensitive category or of the common category is performed according to the following steps:
  • A predetermined public parameter of the object Ois is first determined.
  • "Public parameter" designates one or more items of information attached to the object considered that are otherwise accessible, determinable or known, so that a third entity can determine whether the identifier received and attached to the object in question is associated with a sensitive object or not.
  • A public parameter may, for example, be a fixed number associated with the object in question.
  • The public parameter used comprises at least one piece of information likely to change over time. The public parameter is denoted "X".
  • The public parameter used at the input of the signature function is a parameter that varies over time.
  • A non-sensitive object is assigned an arbitrary digital identity, provided that the same digital identity is never assigned to two distinct non-sensitive objects.
  • The identifier may belong to the set of possible digital identities resulting from the signature function used to determine the digital identity of the sensitive objects.
  • The identifier of a non-sensitive object has a value that can advantageously belong to the set of result values of the signature function used to determine the digital identity of a sensitive object.
  • The identity of the objects of at least one category (here, the sensitive category) is constructed as a signature of a parameter depending, inter alia, on the spatial and/or temporal context, that is to say typically on a position of the object considered and/or on the instant at which said object is the subject of a signature operation.
  • The identity of the objects of at least one other category (here, the category of common objects) is chosen freely, without being constructed according to the explicit constraints of the processes used for the other category; this ensures that an identity that does not comply with the construction constraints of the other category is subsequently identified as belonging to the common category.
  • The construction of an identity is not definitive; the same object can be assigned several successive identifiers according to the method described.
  • When the objects are aircraft, such a precaution makes it impossible to track the position of the aircraft in question over time.
  • The identifiers are transmitted during the transmission operation 104.
  • The transmission can be carried out by radio, for example in the context of air traffic control, but any means of transmission is possible.
  • The transmission can be initiated by the identified objects themselves, for example aircraft, or by remote control equipment.
  • The identifier is a digital identity of identical length (N bits) for all the objects of all categories.
  • The ICAO address includes a country code prefix followed by a fixed aircraft address (adr); for example, in some cases it is a 6-bit prefix and a 12-bit address.
  • The identifiers are received by at least one entity.
  • The receiving entities are a first controller 201 and a second controller 202, only the first controller 201 being an authorized custodian, that is to say a person in possession of the verification key Kp' used to determine the possible presence of a signature in the received identifier.
  • The identifier Idij and the public parameter X are transmitted to a discrimination device 203, typically a computer, which, using the verification key Kp', makes it possible to determine whether the received identifier can correspond to a signature associated with the public parameter X.
  • The public parameter X is accessible, for example, by measurement when it consists of spatial and/or temporal information, or by any means of determination other than the one used to transmit the signature.
  • The custodians of the verification key are not able to construct a valid sensitive object identity using said key.
  • An appropriate choice of signature algorithm optionally allows the definition of an escrow authority role, capable of extracting the identity of a sensitive object from GRP-SIGN, according to escrow authority arrangements known in the prior art of cryptography. Seen from the escrow authority, the process allows only custodians of a verification key to classify objects into two categories ("common" or "potentially sensitive"), providing proof that an object is of the "common" category; in the opposite case, the object is presumed to be of the "sensitive" category and its identity is not constant over time, except for an escrow authority.


Description

TECHNICAL FIELD OF THE INVENTION

The present invention relates to a method of assigning identifiers to objects and of discriminating said objects on the basis of the assigned identifiers. It also relates to a system for monitoring a set of objects that implements the method according to the invention.

The main purpose of the invention is to enable recognition of the probable existence of at least one sensitive object among a plurality of objects, said probable existence being detectable only by authorized persons using suitable equipment. More specifically, the invention relates to a method allowing only the custodians of a verification tool to classify objects into at least two categories according to their sensitivity, on the basis of the identifier that has been assigned to them; in advantageous embodiments, the custodians of the verification tool, like any unauthorized third party, are not able to forge false object identities and are not able, at a given instant, to count the sensitive objects among the set of objects.

The present invention finds applications in particular in the field of air traffic control, allowing authorized air traffic controllers, and them alone, to identify aircraft operating flights classed as sensitive in airspace where commercial aircraft and government aircraft operate simultaneously. Government aircraft are almost systematically classed as sensitive. Some commercial aircraft, for example aircraft used for special transport of dignitaries, materials or funds, may also be classed as sensitive. The invention also has applications in the telecommunications field, to prevent third parties from discriminating sensitive information from non-sensitive information transmitted, for example, on a data bus in a microelectronic module or via a radiocommunication interface; in particular, the method according to the invention can be used to prevent a third party from discriminating between normal streams and encrypted sensitive streams, or from discriminating voice streams, video streams or data streams originating from sensitive organizations.

The present invention also has applications in the field of logistics, allowing discreet discrimination of fragile, valuable or dangerous (radioactivity) objects in an environment where they co-exist with common objects.

The present invention will be described more particularly, by way of example only, in an implementation suited to air traffic control, without this illustration limiting the scope of the invention.

BACKGROUND OF THE INVENTION

It is recalled that at least one bit in a digital identity trivially suffices to classify identified objects into two categories. For example, the International Civil Aviation Organization (ICAO) defines an identity called the "ICAO address", which includes at least one bit discriminating between commercial aircraft and government aircraft. Such a classification, allowing an identity to be defined, is described for example in the document "EUROCAE ED-73C MOPS for secondary surveillance radar Mode S transponders EUROCONTROL standard document for surveillance data exchange part 12 - ASTERIX Category 021, ADS-B messages".

The existing classification system has a drawback for civil aviation: this classification allows any observer of the "ICAO address" identity, which is visible in the clear, to discriminate between commercial aircraft and government aircraft and, more generally, between sensitive aircraft and common aircraft. The term "common" is used in opposition to the term "sensitive" to define a category other than that of sensitive aircraft.

Furthermore, various information security tools are known in the state of the art that make it possible to restrict access, in particular to information relating to identifiers, to authorized persons who know the cryptographic technique used and the keys involved.

The following are thus known:

  • symmetric cryptography tools, which define methods ensuring the confidentiality of at least one bit of an identity by using a secret key. A drawback is that the custodian of said secret key, which is provided to them in order to verify whether or not an identity is sensitive, becomes symmetrically capable of generating false sensitive identities;
  • symmetric cryptography tools, which define message authentication code methods dependent on a secret key, and which lead to the same drawback with respect to the custodian, who is capable of generating a forgery;
  • asymmetric cryptography tools, which define methods ensuring the confidentiality of at least one bit of an identity by using a private key known to the sender and a public key associated with the sender. Applying such methods to fixed object identities allows the custodian to count them, and thus to know the number of sensitive objects observed, which can be a drawback: advantageously, the aim is to discriminate all the objects present without allowing the sensitive objects to be counted;
  • asymmetric cryptography tools, which define methods ensuring the confidentiality and/or authenticity of at least one bit of an identity by means of authenticated encryption and/or a signature function. A drawback of directly applying such a method is that it does not protect against reuse by a third party of an identity that the authorized custodian would identify as common or sensitive; in other words, protection is needed against reuse of an identity associated at a given instant with an object whose class (sensitive or common) is known to a third party in collusion with the authorized custodian; advantageously, the third party should be unable to deduce anything, for later occurrences of an identity, from having observed that identity associated with an object at a given instant, even where there is a strong presumption that the object is common following information from the custodian about the earlier occurrence of that identity.

Group signatures are known in the prior art, see CHAUM D: "GROUP SIGNATURES", ADVANCES IN CRYPTOLOGY - EUROCRYPT. INTERNATIONAL CONFERENCE ON THE THEORY AND APPLICATION OF CRYPTOGRAPHIC TECHNIQUES, SPRINGER VERLAG, DE, 1 April 1991; they allow a message to be signed while preserving anonymity. One application of group signatures is the anonymization and security of vehicular communication, see SUN X ET AL: "Secure Vehicular Communications Based on Group Signature and ID-Based Signature Scheme", PROCEEDINGS OF THE 2007 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC 2007), 24-28 JUNE 2007, GLASGOW, UK. Furthermore, the method according to the invention must meet an additional constraint, namely that it must not involve any change to the identities of common objects that already exist before said method is implemented. In the aeronautics example, implementing the method for the identities of sensitive or common objects must ensure backward compatibility with all "ICAO address" identities already assigned to common objects, whatever they may be. In particular, the interpretation of an "ICAO address" identity must remain backward compatible for common objects, with respect to an unauthorized air traffic controller, that is to say one not authorized to discriminate aircraft according to their class (sensitive or common), or with respect to an older air traffic control system, in order to avoid, for example, said older system misinterpreting a classification information field, which in some cases may be reduced to a single discrimination bit, if said information field is encrypted without the system being aware of it.

Consequently, in the field of aeronautics used here as an example to illustrate the invention, the prior art does not meet the need of a sensitive flight, that is to say a flight operated in an aircraft that must be discriminable from ordinary commercial flights only by authorized air traffic controllers, who must not be able to forge sensitive flight identities nor even, advantageously, to count at a given instant the precise number of sensitive flights present in the airspace they control.

GENERAL DESCRIPTION OF THE INVENTION

The invention offers a solution to the problem just described, and takes into account the constraints just set out, by proposing a method of assigning identifiers to objects and of discriminating said objects on the basis of the assigned identifiers, said objects constituting a set of objects comprising at least two categories of objects, with at least a first category of so-called sensitive objects and at least a second category of so-called common objects, characterized in that said method comprises in particular the steps of:

  • assigning an identifier to a plurality of objects of the set of objects by performing the following operations:
    • for each sensitive object, computing, by means of a given signature function involving a signature key, a signature of at least one public parameter associated with the sensitive object considered, then assigning as identifier an identification number comprising at least the computed signature, the identifier of the sensitive object thus being a signed identifier;
    • for each common object, assigning as identifier an identification number distinct from the identifiers of the other common objects, without performing the signature computation performed for each sensitive object, the identifier of the common object thus being an identifier not signed with the given signature function;
  • transmitting the identifier of the object to discrimination equipment holding a verification key for each signature computed for the sensitive objects, said discrimination equipment being able to discriminate the identifiers assigned to each object of the plurality of objects so as to form at least a first group of objects and a second group of objects that are distinct.

In addition to the main features mentioned in the preceding paragraph, the method according to the invention may have one or more of the following additional features, considered individually or in any technically possible combination:

  • the operation of assigning an identifier to a common object is performed by assigning to the common object under consideration an identifier whose value is a result value of the determined signature function used to assign identifiers to the sensitive objects.
  • the first group of objects constituted by the discrimination equipment is a group of objects, called common received objects, for which a signature verification operation using the verification key and the assigned identifier has revealed that the determined signature function was not used, and the second group of objects is a group of objects, called potentially sensitive received objects, for which a signature verification operation using the verification key and the assigned identifier has revealed the possible presence of a signature.
  • a first sensitive object and a second sensitive object are signed using a first signature key and a second signature key respectively.
  • the operation of assigning an identifier to a sensitive object is performed several times, at different instants.
  • the at least one public parameter involved in computing the signature of each sensitive object under consideration is a parameter that varies over time.
  • the at least one public parameter involved in computing the signature of each sensitive object under consideration is one of the following parameters, several of which may be combined as the input to the signature computation:
    • spatial position of the sensitive object under consideration, or a geographical area in which the sensitive object under consideration moves, for example a flight information region;
    • temporal information, in particular an indication of the instant, or of a time period, at which the signature computation is performed;
    • speed information of the sensitive object under consideration.
  • the determined signature function is a short group signature function.
  • the objects are aircraft-type vehicles, the sensitive objects being aircraft that must be subject to particular surveillance.

According to another aspect, the invention relates to a system for monitoring a set of objects, characterized in that it implements the method according to the invention in any one of its implementations.

The proposed method does not prescribe the means of transmitting the identifier to be discriminated: the identifier can be transmitted in one field or in a plurality of message fields.

The invention and its various applications will be better understood on reading the following description and examining the accompanying figures.

BRIEF DESCRIPTION OF THE FIGURES

Figure 1, the only figure, is presented for guidance only and in no way limits the invention; it schematically illustrates an example of implementation of the method according to the invention.

DETAILED DESCRIPTION OF AT LEAST ONE EMBODIMENT OF THE INVENTION

Figure 1 shows a set 100 of objects Oij. The parameter i is used to number the object within the set of objects 100. The set 100 of objects Oij is divided into a first category 101 of so-called sensitive objects, and a second category 102 of so-called common objects. The parameter j is used to distinguish between the sensitive objects, j then taking the value S, and the common objects, j then taking the value C.

In the method according to the invention, an identifier is assigned to a plurality 103 of objects included in the set of objects 100. In some examples, objects may not be assigned to either category, either because they have not been spotted by an observer, or because they are assigned to a third category.

In order to identify the various objects of the plurality 103 of objects before a transmission operation 104 via any means of communication, for example by radio, the invention constructs a digital identity Idi associated with the object Oij, said construction operation being different for sensitive objects and for common objects.

Thus, in an exemplary implementation of the method according to the invention, an operation 200 of constructing a digital identity of an object of the sensitive category or of the common category is performed according to the following steps:
For sensitive objects, the value of a predetermined public parameter of the object Ois is first determined. A public parameter denotes one or more items of information attached to the object under consideration that are otherwise accessible, determinable or known to a third-party entity that has to determine whether the identifier received and attached to the object under consideration is an identifier associated with a sensitive object or not. Such a public parameter may for example be a fixed number associated with the object under consideration. Advantageously, the public parameter used comprises at least one item of information likely to change over time. The public parameter is denoted "X".

A signature function, using a signature key Kp, is then used to associate with the public parameter "X" a signature Idis(Oxs) associated with the sensitive object under consideration, which constitutes the identifier to be transmitted for said sensitive object. The key Kp may be the key of a group of sensitive objects or may advantageously be specific to each sensitive object. Signature functions are mathematical functions known to those skilled in the art. Reference may be made, for example, to the following articles:

  • "Short Signatures from the Weil Pairing", Dan Boneh, Hovav Shacham, B. Lynn; J. of Cryptology, Vol. 17, No. 4, pp. 297-319, 2004 (extended abstract in Asiacrypt 2001); and
  • "Short Group Signatures", Dan Boneh, Xavier Boyen, Hovav Shacham, Advances in Cryptology-CRYPTO 2004, Springer-Verlag.

Advantageously, the public parameter used as input to the signature function is a parameter that varies over time.

In contrast to the operations performed to associate a signature with a sensitive object, in the method according to the invention a non-sensitive object is assigned an arbitrary digital identity, while advantageously refraining from assigning the same digital identity to two distinct non-sensitive objects. On the other hand, it is advantageously provided that the identifier may belong to the set of possible digital identities resulting from the signature function used to determine the digital identity of the sensitive objects. In other words, the identifier of a non-sensitive object has a value that may advantageously belong to the set of result values of the signature function used to determine the digital identity of a sensitive object. It follows that two distinct objects, one being a sensitive object and the other a non-sensitive object, may, in an advantageous embodiment of the invention, have the same digital identity.

In other words, the identity of the objects of at least one category of objects (those of the sensitive category in the present case) is constructed as the signature of a parameter depending, among other things, on the spatial and/or temporal context, that is to say typically on a position of the object under consideration and/or on an instant at which said object undergoes a signature operation, whereas the identity of the objects of at least one other category of objects (those of the category of common objects in the present case) is chosen freely, without being constructed in accordance with the explicit constraints of the methods used for the other category; operating in this way ensures that an identity that does not comply with the construction constraints of the other category is subsequently identified as belonging to the common category.

Thus, the operation 200 of constructing a digital identity can be expressed by the following equations:

  • Idij(Oij) = SignatureKp(X(t)) if j = S;
  • Idij(Oij) ≠ SignatureKp(X(t)) if j = C

Advantageously, the construction of an identity is not final; the same object can be assigned several successive identifiers according to the method described. Where the objects are aircraft, this precaution makes it impossible to track the position of the aircraft in question over time.

A concrete example of implementation of the step of constructing a digital identity for a sensitive object is given here:
In this example:

  • a first public parameter NONCE is considered, which is a number used only once by any one of the set of sensitive objects to be identified during a long observation period, typically several minutes, said NONCE being chosen such that the succession of NONCE values available to the set of sensitive objects is monotonic and universally computable by all the entities involved in the method according to the invention; NONCE here represents a value of a global monotonic counter, such as, for example, a time counter derived from a universal clock, provided by the GPS or GALILEO system;
  • a second public parameter, POSITION, is considered, which is a number whose semantics are advantageously associated with a geographical coordinate;
  • the value PARAM is considered, which is the result of a function combining NONCE, POSITION and possibly other public parameters; for example, PARAM is the result of concatenating NONCE and POSITION;
  • the value t-MAC is considered, which is the result of a cryptographic hashing algorithm applied to PARAM, optionally truncated to t bits;
  • the value GRP-SIGN can then be computed by means of equipment able to apply a signature function; GRP-SIGN is a short signature, possibly a short group signature, of length N bits, computed from the value t-MAC according to an algorithm and parameters common to all the sensitive objects, and associated with at least one verification key Kp'; the advantage of using a short signature is that the signed identifier to be transmitted does not exceed a few hundred bits, and does not consume too much bandwidth when transmitted by radio; the advantage of using a group signature is that it can be verified that the signer belongs to said group of sensitive objects without being able to identify the signer individually;
  • an identity of a sensitive object for the parameters NONCE and POSITION is thus equal to:
    GRP-SIGN(t-MAC(PARAM(NONCE, POSITION))).

Once identifiers have been assigned to all the objects of the plurality 103 of objects, said identifiers are transmitted during the transmission operation 104. The transmission can be carried out by radio means, for example in the context of air traffic control, but any means of transmission can be envisaged. The transmission can be initiated by the identified objects themselves, for example aircraft, or by remote control equipment. Without restricting the generality of the method according to the invention, the identifier is a digital identity of identical length (N bits) for all objects of all categories.

In the context of air traffic control, the ICAO address comprises a country code prefix followed by a fixed aircraft address (adr); for example, in some cases it is a 6-bit prefix and a 12-bit address. The digital identifier under consideration may for example be the concatenation of said address adr and an address complement of at least 144 bits, transmitted in an extended message. In this example, the identifier then has N = 162 bits.

The identifiers are received by at least one entity.

In the example shown in Figure 1, the receiving entities are a first controller 201 and a second controller 202, only the first controller 201 being an authorized custodian, that is to say a person in possession of the verification key Kp' making it possible to determine the possible presence of a signature in the received identifier.

Thus, in the illustrated example, the identifier Idij and the public parameter X are transmitted to a discrimination equipment 203, typically a computer, which, using the verification key Kp', makes it possible to determine whether the received identifier is likely to correspond to a signature associated with the public parameter X. The public parameter X is accessible, for example, by measurement when it is spatial and/or temporal information, or by any means of determination other than the one used to transmit the signature.

Returning to the concrete example detailed for the assignment of identifiers, the discrimination step of the method according to the invention proceeds as follows:

  • the parameters NONCE and POSITION associated with the identity under study are retrieved by methods outside the scope of the present invention (for example, using an air navigation surveillance system, the parameter NONCE being the date of the observation and the parameter POSITION being the position of the object at the date of the observation);
  • the hypothesis that the object is a sensitive object observed for the parameters NONCE and POSITION is tested according to the method of assigning identifiers to a sensitive object: test whether the identity of said observed object is GRP-SIGN(t-MAC(PARAM(NONCE, POSITION))). Only the first controller 201 is able to perform this test; the second controller 202, which does not hold the verification key Kp', is not able to perform such a test;
  • if the test fails, the identity is then to be considered as that of a common object, proof having been provided that it is not a sensitive object;
  • if the test succeeds, the object can be presumed to belong to the sensitive category; indeed, in the advantageous embodiment in which the set of identifier values of a non-sensitive object has values in common with, or contains, the subset of result values of the signature function used to determine the digital identity of a sensitive object, the test may succeed even though the identifier tested is that of a common object; thus, even an authorized custodian holding the verification key cannot count, at an instant t, the number of sensitive objects present among the plurality of objects observed.
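The construction GRP-SIGN(t-MAC(PARAM(NONCE, POSITION))) and the discrimination test described above, as an added Python example that is not part of the patent. It assumes a toy textbook-RSA signature over two Mersenne primes as a stand-in for the short (group) signature, SHA-256 as the hash behind t-MAC, and a hypothetical fixed-width encoding of NONCE and a grid-cell POSITION; all function names are illustrative.

```python
import hashlib
import secrets

# Assumption: toy RSA key built from two Mersenne primes, standing in for
# GRP-SIGN. It is far too weak for real use and is not a group signature;
# it only provides an asymmetric sign/verify pair with a short output.
P, Q = 2**127 - 1, 2**107 - 1
N_MOD = P * Q
E = 65537                               # public exponent, part of Kp'
D = pow(E, -1, (P - 1) * (Q - 1))       # signature key Kp, signer only
VERIFICATION_KEY = (N_MOD, E)           # Kp', given to authorized custodians
ID_BITS = N_MOD.bit_length()            # N: same length for every identifier
T_BITS = 128                            # t: truncation length of t-MAC


def param(nonce, position):
    """PARAM: concatenation of NONCE and POSITION (hypothetical encoding)."""
    row, col = position                 # grid cell both sides can compute
    return (nonce.to_bytes(8, "big")
            + row.to_bytes(4, "big", signed=True)
            + col.to_bytes(4, "big", signed=True))


def t_mac(data, t=T_BITS):
    """t-MAC: SHA-256 of PARAM truncated to its t most significant bits."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - t)


def sensitive_identifier(nonce, position, d=D, n=N_MOD):
    """Signed identifier of a sensitive object for (NONCE, POSITION)."""
    return pow(t_mac(param(nonce, position)), d, n)


def common_identifier(in_use, n=N_MOD):
    """Unsigned identifier: random N-bit value distinct from those in use."""
    while True:
        candidate = secrets.randbelow(n)
        if candidate not in in_use:
            in_use.add(candidate)
            return candidate


def discriminate(identifier, nonce, position, verification_key):
    """Classify a received identifier from independently observed X."""
    if verification_key is None:
        return "undetermined"           # controller 202: no Kp', no test
    n, e = verification_key
    if identifier < n and pow(identifier, e, n) == t_mac(param(nonce, position)):
        return "potentially sensitive"
    return "common"


if __name__ == "__main__":
    cell = (4885, 235)                  # constructed sample position
    in_use = set()
    id_s = sensitive_identifier(1000, cell)
    id_c = common_identifier(in_use)
    for label, ident, nonce in [("sensitive, fresh NONCE", id_s, 1000),
                                ("sensitive, stale NONCE", id_s, 1001),
                                ("common", id_c, 1000)]:
        print(label, "->", discriminate(ident, nonce, cell, VERIFICATION_KEY))
    print("without Kp' ->", discriminate(id_s, 1000, cell, None))
```

A sensitive identifier checked against a NONCE or POSITION other than the one it was signed for is classified as common, so the result is only as reliable as the verifier's independent observation of X.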

In addition, in the method according to the invention, the holders of the verification key are not able to construct a valid sensitive object identity using said key.

An appropriate choice of signature algorithm optionally makes it possible to define an escrow authority role, capable of extracting the identity of a sensitive object from GRP-SIGN, according to escrow authority arrangements known in the prior art of cryptography. From the point of view of the escrow authority, the method allows only the holders of a verification key to classify objects into two categories ("common" or "potentially sensitive"), providing proof when the object is of the "common" category; otherwise, the object is presumed to be of the "sensitive" category and its identity is not constant over time, except for an escrow authority.

The subject matter of the invention extends directly from the preceding description to any system for transmitting information about objects associated with identities of length N bits, comprising

  • zero, one or a plurality of common objects, whose identity is assigned according to the method described,
  • one or a plurality of sensitive objects, whose identity is constructed according to the method, and associated with at least one verification key Kp',
  • at least one controller holding the key Kp' and capable of discriminating objects according to their identity,
  • optionally, an escrow authority, the only party able to identify the signer of an identifier associated with a sensitive object and thus to extract the identity of a sensitive object.
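The discrimination test described above can be sketched as follows. This is an added example, not code from the patent: textbook RSA over a 12-bit modulus stands in for the short group signature (GRP-SIGN), and all function names, the encoding of X and the sample coordinates are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters: textbook RSA with a 12-bit modulus stands in for
# the signature function. A real system needs a real (group) signature scheme.
P, Q = 61, 53
N_MOD = P * Q                        # identifiers live in [0, N_MOD)
E = 17                               # verification key Kp' = (N_MOD, E)
D = pow(E, -1, (P - 1) * (Q - 1))    # signature key Kp, never given to verifiers


def public_param(lat: float, lon: float, t: int) -> bytes:
    """Public parameter X: position and time, observable by the verifier."""
    return f"{lat:.3f},{lon:.3f},{t}".encode()


def digest(x: bytes) -> int:
    """Hash X into the identifier space."""
    return int.from_bytes(hashlib.sha256(x).digest(), "big") % N_MOD


def sensitive_identifier(x: bytes) -> int:
    """Signed identifier: recomputed whenever X (position, time) changes."""
    return pow(digest(x), D, N_MOD)


def common_identifier(taken: set) -> int:
    """Unsigned identifier drawn from the same value space, distinct from
    those of the other common objects; no signature is computed."""
    while True:
        ident = secrets.randbelow(N_MOD)
        if ident not in taken:
            taken.add(ident)
            return ident


def classify(identifier: int, x: bytes) -> str:
    """Verifier side, using only Kp'. A failed check proves 'common'; a passed
    check only means 'potentially sensitive'."""
    ok = pow(identifier, E, N_MOD) == digest(x)
    return "potentially sensitive" if ok else "common"


def passing_values(x: bytes) -> list:
    """Every identifier value that passes for X (enumerable only because the
    toy space is tiny). RSA is a permutation, so exactly one value passes, and
    it lies inside the space common identifiers are drawn from."""
    return [i for i in range(N_MOD) if classify(i, x) == "potentially sensitive"]


def discriminate(observations: list) -> dict:
    """Split observed (name, identifier, X) tuples into the two groups."""
    groups = {"common": [], "potentially sensitive": []}
    for name, identifier, x in observations:
        groups[classify(identifier, x)].append(name)
    return groups


if __name__ == "__main__":
    x1 = public_param(48.856, 2.352, 1000)       # constructed sample positions
    x2 = public_param(43.604, 1.444, 1000)
    coincidence = passing_values(x2)[0]          # common ID that happens to verify
    seen = [("S1", sensitive_identifier(x1), x1),
            ("C1", (coincidence + 1) % N_MOD, x2),
            ("C2", coincidence, x2)]
    print(discriminate(seen))
```

In the sample run the "potentially sensitive" group holds two objects although only one was signed, which is why a holder of Kp' obtains an upper bound on the number of sensitive objects and not a count.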

Claims (9)

  1. A method for assigning identifiers (Idij) to objects (Oij), and for discriminating said objects (Oij) from the identifiers assigned, said objects (Oij) being comprised of a set of objects (100) including at least two categories of objects, with at least one first category (101) of so-called sensitive objects (Ois), and at least one second category (102) of so-called common objects (Oic), characterised in that the method includes in particular the different steps of:
    - assigning (200) an identifier (Idij) to each object of a plurality of objects of the set of objects by performing the following operations:
    - for each sensitive object (Ois), performing an operation of calculating a signature by means of a determined signature function involving a signature key (Kp), at least one public parameter (X) associated with the sensitive object considered (Ois), and then assigning as an identifier an identification number including at least the signature calculated, the identifier of the sensitive object being thus an identifier signed;
    - for each common object (Oic), assigning as an identifier an identification number distinct from the identifiers of the other common objects without performing the operation of calculating the signature performed for each sensitive object, the identifier of the common object being an identifier the value of which is a result value of the determined signature function used for assigning the identifiers to the sensitive objects, the identifier being unsigned by the determined signature function;
    - transmitting (104) the identifier of the object to a discrimination piece of equipment (203), having a key (Kp') for checking each signature calculated for the sensitive objects, said discrimination piece of equipment being able to discriminate the identifiers assigned to each object of the plurality of objects to comprise at least a first group of objects and a second group of objects which are distinct.
  2. The method according to the preceding claim, characterised in that the first group of objects determined by the discrimination piece of equipment is a group so-called common objects, and in that the second group of objects is so-called potentially sensitive objects, the so-called common objects being the objects for which an operation of checking the signature by means of the checking key and the assigned identifier has revealed an absence of use of the determined signature function, and so-called potentially sensitive objects being the objects for which an operation of checking the signature by means of the checking key and the assigned identifier has revealed a possible presence of signature.
  3. The method according to any of the preceding claims, characterised in that a first sensitive object and a second sensitive object are signed using a first signature key and a second signature key respectively.
  4. The method according to any of the preceding claims, characterised in that the operation of assigning an identifier to a sensitive object is made several times, at different moments.
  5. The method according to any of the preceding claims, characterised in that at least one public parameter involved in calculating the signature of each sensitive object considered is a parameter varying over time.
  6. The method according to any of the preceding claims, characterised in that at least one public parameter involved in calculating the signature of each sensitive object considered is one of the following parameters, wherein several of these parameters can be combined for being signature calculated:
    - spatial position of the sensitive object considered;
    - time information, in particular indication of the moment at which the signature calculation is made;
    - speed information for the sensitive object considered.
  7. The method according to any of the preceding claims, characterised in that the determined signature function is a short group signature function.
  8. The method according to any of the preceding claims, characterised in that the objects are aircraft type vehicles, the sensitive objects being aircrafts having to be particularly monitored.
  9. A system for monitoring a set of objects characterised in that it implements the method according to any of the preceding claims for performing discrimination of said monitored objects.
EP12705296.7A 2011-02-25 2012-02-21 Method for attributing identifiers to objects and discrimination of said objects based on the attributed identifiers Active EP2678793B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1151579A FR2972065B1 (en) 2011-02-25 2011-02-25 A METHOD FOR ASSIGNING IDENTIFIERS TO OBJECTS, AND DISCRIMINATION OF THESE OBJECTS FROM THE IDENTIFIERS ATTRIBUTED
PCT/EP2012/052959 WO2012113806A1 (en) 2011-02-25 2012-02-21 Method of allocating identifiers to objects, and of discriminating said objects on the basis of the allocated identifiers

Publications (2)

Publication Number Publication Date
EP2678793A1 EP2678793A1 (en) 2014-01-01
EP2678793B1 EP2678793B1 (en) 2018-05-02

Family

ID=44312399

Family Applications (1)

Application Number Title Priority Date Filing Date
EP12705296.7A Active EP2678793B1 (en) 2011-02-25 2012-02-21 Method for attributing identifiers to objects and discrimination of said objects based on the attributed identifiers

Country Status (3)

Country Link
EP (1) EP2678793B1 (en)
FR (1) FR2972065B1 (en)
WO (1) WO2012113806A1 (en)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2834403B1 (en) * 2001-12-27 2004-02-06 France Telecom CRYPTOGRAPHIC GROUP SIGNATURE SYSTEM

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None *

Also Published As

Publication number Publication date
FR2972065B1 (en) 2015-08-21
FR2972065A1 (en) 2012-08-31
EP2678793A1 (en) 2014-01-01
WO2012113806A1 (en) 2012-08-30

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20130910

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: AIRBUS DS SAS

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602012045868

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: G06F0021000000

Ipc: G06F0021620000

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/62 20130101AFI20171103BHEP

INTG Intention to grant announced

Effective date: 20171121

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

Ref country code: AT

Ref legal event code: REF

Ref document number: 996026

Country of ref document: AT

Kind code of ref document: T

Effective date: 20180515

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602012045868

Country of ref document: DE

Ref country code: IE

Ref legal event code: FG4D

Free format text: LANGUAGE OF EP DOCUMENT: FRENCH

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20180502

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180802

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180802

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180803

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 996026

Country of ref document: AT

Kind code of ref document: T

Effective date: 20180502

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602012045868

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20190205

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190221

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20190228

REG Reference to a national code

Ref country code: IE

Ref legal event code: MM4A

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190228

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190228

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190221

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190228

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180903

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180902

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20120221

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180502

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20230119

Year of fee payment: 12

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20240123

Year of fee payment: 13

Ref country code: GB

Payment date: 20240123

Year of fee payment: 13